HTTP/2 and Security

Yesterday I spoke about HTTP/2 and how it relates to security jobs at Mind the Sec. Today was the last day of the conference so now I have some spare time to write this blog post :)

Today was also the day that Bruce Schneier talked about lessons learned from Sony. Although he spoke about it previously in other conferences, it was a cool experience to see him in person. I also had the privilege to talk to him directly, so I asked 'Is your WiFi still open?', alluding his blog post on 2008 because it is a very polemic topic. He said 'yes'. This is interesting because even after all the debate around this theme, the mindset of considering that you're always in a hostile network is worth it. I believe on that. Google also believes on that, so they moved its corporate applications to the Internet. I had the pleasure to talk him about that. Those were the best 2 minutes of the entire conference hehe, amazing.

Back to HTTP/2 talk, I presented its inner workings, what changed from HTTP/1.1 and added more information not widely published such as reliability mechanism of http/2, told why speed matters -- it's not only from a technical perspective, but from a business perspective, to get more money because the UX will be better -- and opportunistic encryption, although it's not present on the RFC 7540.